﻿package com.dykj.platform.iadapter.interceptor;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import com.dykj.platform.iadapter.common.Constants;
public class AuthInterceptor extends AbstractInterceptor{
	@Override
	public String intercept(ActionInvocation arg0) throws Exception {
		HttpServletRequest request = ServletActionContext.getRequest();
		HttpSession session = request.getSession();
		String ClientURI = request.getServletPath().trim();
		Map userinfo = (HashMap)session.getAttribute("userinfo");
		if(ClientURI.indexOf(Constants.ACTION_LOGON)>-1){	//执行登录的action、

		}else{
			if(null==userinfo){
				request.setAttribute("msg", "您尚未登录");
				return "initUserLogin";
			}
			if(ClientURI.indexOf(Constants.ACTION_LOGOUT)!=0&&null!=userinfo){	// 不是退出的action
				String type = userinfo.get("type").toString();
				if(!"0".equals(type)&&!"1".equals(type)){		//不是超级用户，需要判断其权限
					List fun = (List)userinfo.get("userFunction");	
					int flag=0;
					for(int i=0;i<fun.size();i++){
						Object str_fun = fun.get(i);
						if(null!=str_fun){
							if(ClientURI.substring(1).indexOf(str_fun.toString().trim())>-1){
								flag=1;
							}else if(str_fun.toString().trim().indexOf("?")>-1&&str_fun.toString().trim().indexOf(ClientURI.substring(1))>-1){
								flag=1;
							}
						}
					}
					if(flag==0){
						request.setAttribute("msg", "你没有此操作权限");
						return "initUserLogin";
					}
				}
			}
		}
		return arg0.invoke();
	}
}
